Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
if playerIO hashes the passwords how can they be leaked then?! this shoudlnt be possible as stated above
Hashed passwords are not impossible to crack, As a matter of fact it isn't even that hard to crack a hashed password.
Offline
Gosha wrote:peace wrote:Growler wrote:it has been speculated that there was a keylogger or bad freegame.swf that can get your account details if you type it in
Growler wrote:It's impossible for this to be part of PlayerIO's fault as they hash any password. Nobody can get them, even the hard way so if anything,
??????
What don't you understand?
Playerio stores hashed passwords and ignores the case. Leaked passwords contain case sensitive plain text passwords. So it can't be playerio to blame.if playerIO hashes the passwords how can they be leaked then?! this shoudlnt be possible as stated above
PlayerIO is not at fault for this leak
Offline
peace wrote:Gosha wrote:peace wrote:Growler wrote:it has been speculated that there was a keylogger or bad freegame.swf that can get your account details if you type it in
Growler wrote:It's impossible for this to be part of PlayerIO's fault as they hash any password. Nobody can get them, even the hard way so if anything,
??????
What don't you understand?
Playerio stores hashed passwords and ignores the case. Leaked passwords contain case sensitive plain text passwords. So it can't be playerio to blame.if playerIO hashes the passwords how can they be leaked then?! this shoudlnt be possible as stated above
PlayerIO is not at fault for this leak
but how can ahshed passwords be readable then?
thanks hg for making this much better and ty for my avatar aswell
Offline
ZeldaXD wrote:peace wrote:Gosha wrote:peace wrote:??????
What don't you understand?
Playerio stores hashed passwords and ignores the case. Leaked passwords contain case sensitive plain text passwords. So it can't be playerio to blame.if playerIO hashes the passwords how can they be leaked then?! this shoudlnt be possible as stated above
PlayerIO is not at fault for this leak
but how can ahshed passwords be readable then?
Use your logic.
You enter password in game -> it goes to pio -> pio converts it to lowercase, hashes it and stores.
If you somehow get hashed passwords and try to unhash them - you would get lowercase passwords.
It means there is something wrong in the first step
Enter password it game -> it goes to bad guys because of bad security of the game
Playerio is not the one whom you should blame
Offline
so what you say if you try to unhash then which is impossible you get the lowercase passwords but you alos say b y this post passwords are still case snsitive? and what do u mean by there is somethign wrong in the first step?
thanks hg for making this much better and ty for my avatar aswell
Offline
so what you say if you try to unhash then which is impossible you get the lowercase passwords but you alos say b y this post passwords are still case snsitive? and what do u mean by there is somethign wrong in the first step?
O my God.
Hackers hacked the badly designed game, not playerio database. That's all you need to know
Offline
so what you say if you try to unhash then which is impossible you get the lowercase passwords but you alos say b y this post passwords are still case snsitive? and what do u mean by there is somethign wrong in the first step?
Someone got access to the EE source code and programmed it to send your password to the hacker before sending it to Player.IO. So the data was stolen before it got to Player.IO.
Offline
peace wrote:so what you say if you try to unhash then which is impossible you get the lowercase passwords but you alos say b y this post passwords are still case snsitive? and what do u mean by there is somethign wrong in the first step?
Someone got access to the EE source code and programmed it to send your password to the hacker before sending it to Player.IO. So the data was stolen before it got to Player.IO.
ah this makes more sense
thanks hg for making this much better and ty for my avatar aswell
Offline
peace wrote:so what you say if you try to unhash then which is impossible you get the lowercase passwords but you alos say b y this post passwords are still case snsitive? and what do u mean by there is somethign wrong in the first step?
Someone got access to the EE source code and programmed it to send your password to the hacker before sending it to Player.IO. So the data was stolen before it got to Player.IO.
This sound wrong. My friend use lowercase on his login. Still the leak are in uppercase, how?
Offline
Pqwerty wrote:peace wrote:so what you say if you try to unhash then which is impossible you get the lowercase passwords but you alos say b y this post passwords are still case snsitive? and what do u mean by there is somethign wrong in the first step?
Someone got access to the EE source code and programmed it to send your password to the hacker before sending it to Player.IO. So the data was stolen before it got to Player.IO.
This sound wrong. My friend use lowercase on his login. Still the leak are in uppercase, how?
Yes, that's what I said on xeno's thread about this breach. It doesn't make sense
Offline
Hello, this debate went pretty hot so i’d think I join. Not chasing any side because I need PROVES.
Yes, we can discuss whatever we want, but I need to know if the following are true:
1) PlayerIO hashes passwords, right? Can the hashes be stolen?
2) How did it came, that only accounts who logged in, in a specific period of time, are stolen? Does EE kind of save the password temporary or what?
3) Gosha: can you tell more about how xenonetix managed the game? Is I confirmed that only one person worked on eeu?
4) what is eeu’s current dev stage?
Also, not my job, but stay on topic: EEs security, not EEUs progress
capasha wrote:Pqwerty wrote:peace wrote:so what you say if you try to unhash then which is impossible you get the lowercase passwords but you alos say b y this post passwords are still case snsitive? and what do u mean by there is somethign wrong in the first step?
Someone got access to the EE source code and programmed it to send your password to the hacker before sending it to Player.IO. So the data was stolen before it got to Player.IO.
This sound wrong. My friend use lowercase on his login. Still the leak are in uppercase, how?
Yes, that's what I said on xeno's thread about this breach. It doesn't make sense
Aren't all the leaked passwords case-sensitive, though?
Offline
4) what is eeu’s current dev stage?
Also, not my job, but stay on topic: EEs security, not EEUs progress
That's a little hypocritical comment, don't you think?
Offline
1) PlayerIO hashes passwords, right? Can the hashes be stolen?
The hashes would have to be stolen from Player.IO, but yes I think they could be stolen if Player.IO got hacked.
4) what is eeu’s current dev stage?
alpha
(I don't have enough technical background to answer # 2, and I'm not Gosha so I can't answer # 3)
Offline
Gosha: can you tell more about how xenonetix managed the game
No
Is I confirmed that only one person worked on eeu?
Are you confirmed?
Yes, only one person worked on eeu until the middle of January
Offline
How many people here think they know what they're talking about, but really have no idea?
This is how every forum debates ends. You have some interesting points thrown out here and there and poof, the great minds such as Anatoly, Peace joins for an ultimate ****.
Offline
1) PlayerIO hashes passwords, right? Can the hashes be stolen? idk
2) How did it came, that only accounts who logged in, in a specific period of time, are stolen? Does EE kind of save the password temporary or what? from whatpqwerty said the passwords were send to the hacker sbeofre they were send to PIO (who then hashe sthem)
3) Gosha: can you tell more about how xenonetix managed the game? Is I confirmed that only one person worked on eeu? we have now i belive 2+xeno workign on EEU luke and byte and i belle cercul1 for EEO han gon a second afeter i poste dthis ill check the fourm userlist woops forgot about koya and kenitya our ghrapics desingers i think they work on EEU too
4) what is eeu’s current dev stage? its still in alpha but its almost ready for closedbeta a few weeks left i guess
thanks hg for making this much better and ty for my avatar aswell
Offline
Finally, can't wait for closed beta, I've been forced to go to EE Kong for my fix!
Offline
so im still confused, how did some people not get hacked? is it because they didnt log in at a specific period of time? if so, it makes sense why i didnt get breached lol
Offline
@Pqwerty
There was a Twitter post, but they deleted it in a very short time.
They also disabled email notification on the blog post regarding the breach.
They wanted to cover it up as much as they could had.
Xenonetix turned not EE, not EEU, but "waiting for EEU" into his business plan.
Everybody edits, but some edit more than others
Offline
@Zumza
Maybe because they wanted to stay positive and do not make panic, taking the situation under their control?
Offline
@Zumza
Maybe because they wanted to stay positive and do not make panic, taking the situation under their control?
I have never seen a company that got hacked have got silent about it. Maybe only you and xenonetix company.
Offline
I have never seen a company that got hacked have got silent about it. Maybe only you and xenonetix company.
Im not a company. Chris Lamb doesn't have a company. People put pressure on Xenonetix and give him extra stress, so in order to avoid ridicule and criticism, he decided not to cause a panic. (My personal opinion).
Think that the topic in the forum is quite enough, because who needs join the notepad and look for someone’s account. This happened to me because I created a post earlier that made some guy find me in the sheet and log into my accounts. You make an elephant out of a fly
Offline
[ Started around 1733364854.3982 - Generated in 0.126 seconds, 12 queries executed - Memory usage: 1.85 MiB (Peak: 2.12 MiB) ]